APMSSO ansible installer

CA-APM · Jun 25, 2019 · cb417eb · cb417eb
1 parent 56c0c26
commit cb417eb
Show file tree

Hide file tree

Showing 20 changed files with 1,360 additions and 0 deletions.
diff --git a/APMSSO_Ansible/README.md b/APMSSO_Ansible/README.md
@@ -0,0 +1,5 @@
+1. Download APMSSO installer from support site.
+2. Extract the installer to get the 64 and 32 bit libraries and configuration files.
+3. Create directory name CA_APM_SSO_13.2.0 incase 13.2 version in the folder infra-agent-automation/APMSSO_Ansible/roles/apmsso_role/files
+4. Create three more directories inside CA_APM_SSO_13.2.0 folder. Namely, bin, bin64 and config to place the libs and configur files in corresponding directory.
+5. After the files are copied, follow the instructions at https://cawiki.ca.com/display/APM/README+for+APMSSO+Agent+Remote+installation+using+Ansible 
diff --git a/APMSSO_Ansible/ansible.cfg b/APMSSO_Ansible/ansible.cfg
@@ -0,0 +1,145 @@
+[defaults]
+
+ansible_winrm_operation_timeout_sec: 120
+ansible_winrm_read_timeout_sec: 150
+#Ansible works against multiple systems in your infrastructure at the same time. It does this by selecting portions of systems listed in Ansible’s inventory, which we use to being saved in the location "host_vars/hosts"
+inventory      = host_vars/apmsso_hosts
+
+#The forks parameter controls how many hosts are configured by Ansible in parallel. By default, the forks parameter in Ansible is a very conservative 5.  This means that only 5 hosts will be configured at the same time, and it's expected that every user will change this parameter to something more suitable for their environment.  A good value might be 25 or even 100.
+forks          = 100
+
+#This paramerer will set callbac_plugins script folder and action_plugins folder apart from default.
+callback_plugins = plugins/callback
+#action_plugins     = plugins/action
+
+#This parameter will set stdout_callback to 'apmia_progress', stdout_callback is responsible to display things on console and also responsible for log file. we have our own callback python script for this
+stdout_callback = apmsso_callback_log.py
+
+
+#If a host is reinstalled and has a different key in ‘known_hosts’, this will result in an error message until corrected. If a host is not initially in ‘known_hosts’ this will result in prompting for confirmation of the key, which results in an interactive experience if using Ansible, from say, cron. You might not want this.
+host_key_checking = False
+
+#The default is ‘smart’, which will use ‘ssh’ (OpenSSH based) if the local operating system is new enough to support ControlPersist technology, and then will otherwise use ‘paramiko’. Other transport options include ‘local’, ‘chroot’, ‘jail’, and so on.
+transport = smart
+
+# SSH timeout time we can define from this option
+#timeout = 10
+
+#By enabling this option, any system related warning to playbook will display on console.
+system_warnings = False
+deprecation_warnings = False
+command_warnings = False
+
+# Strategy allow to change the default strategy used by Ansible. by default, ansible will use the 'linear' strategy but you may want to try
+#strategy = free
+
+#This option allows you to configure fact caching. When a fact cache is enabled and there is valid data for a host, Ansible will use that rather than running an implicit setup job on a remote host. The value of this option should be the name of a cache plugin. Current versions of Ansible include redis and jsonfile
+fact_caching = memory
+
+#This controls whether a failed Ansible playbook should create a .retry file. The default setting is True
+retry_files_enabled = False
+#retry_files_save_path = ~/.ansible-retry
+
+#Define role path
+#roles_path    = apmia_roles/
+
+# prevents logging of tasks, but only on the targets, data is still logged on the master/controller
+#no_target_syslog = False
+
+# Controls showing custom stats at the end, off by default
+#show_custom_stats = True
+
+
+# set default errors for all plays
+#any_errors_fatal = False
+
+[paramiko_connection]
+
+# uncomment this line to cause the paramiko connection plugin to not record new host
+# keys encountered.  Increases performance on new host additions.  Setting works independently of the
+# host key checking setting above.
+#record_host_keys=False
+
+# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
+# line to disable this behaviour.
+#pty=False
+
+# paramiko will default to looking for SSH keys initially when trying to
+# authenticate to remote devices.  This is a problem for some network devices
+# that close the connection after a key failure.  Uncomment this line to
+# disable the Paramiko look for keys function
+#look_for_keys = False
+
+# When using persistent connections with Paramiko, the connection runs in a
+# background process.  If the host doesn't already have a valid SSH key, by
+# default Ansible will prompt to add the host key.  This will cause connections
+# running in background processes to fail.  Uncomment this line to have
+# Paramiko automatically add host keys.
+#host_key_auto_add = True
+
+[ssh_connection]
+
+# ssh arguments to use
+# Leaving off ControlPersist will result in poor performance, so use
+# paramiko on older platforms rather than removing it, -C controls compression use
+#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
+
+# The base directory for the ControlPath sockets. 
+# This is the "%(directory)s" in the control_path option
+# 
+# Example: 
+# control_path_dir = /tmp/.ansible/cp
+#control_path_dir = ~/.ansible/cp
+
+# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname, 
+# port and username (empty string in the config). The hash mitigates a common problem users 
+# found with long hostames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format. 
+# In those cases, a "too long for Unix domain socket" ssh error would occur.
+#
+# Example:
+# control_path = %(directory)s/%%h-%%r
+#control_path =
+
+# Enabling pipelining reduces the number of SSH operations required to
+# execute a module on the remote server. This can result in a significant
+# performance improvement when enabled, however when using "sudo:" you must
+# first disable 'requiretty' in /etc/sudoers
+#
+# By default, this option is disabled to preserve compatibility with
+# sudoers configurations that have requiretty (the default on many distros).
+#
+#pipelining = False
+
+# Control the mechanism for transferring files (old)
+#   * smart = try sftp and then try scp [default]
+#   * True = use scp only
+#   * False = use sftp only
+#scp_if_ssh = smart
+
+# Control the mechanism for transferring files (new)
+# If set, this will override the scp_if_ssh option
+#   * sftp  = use sftp to transfer files
+#   * scp   = use scp to transfer files
+#   * piped = use 'dd' over SSH to transfer files
+#   * smart = try sftp, scp, and piped, in that order [default]
+#transfer_method = smart
+
+# if False, sftp will not use batch mode to transfer files. This may cause some
+# types of file transfer failures impossible to catch however, and should
+# only be disabled if your sftp version has problems with batch mode
+#sftp_batch_mode = False
+
+[colors]
+#highlight = white
+#verbose = blue
+#warn = bright purple
+#error = red
+#debug = dark gray
+#deprecate = purple
+#skip = cyan
+#unreachable = red
+#ok = green
+#changed = yellow
+#diff_add = green
+#diff_remove = red
+#diff_lines = cyan
diff --git a/APMSSO_Ansible/apmsso.yml b/APMSSO_Ansible/apmsso.yml
@@ -0,0 +1,76 @@
+############ Converting csv list to usable hosts file #####################
+- hosts: localhost
+  connection: local
+  gather_facts: true
+  tasks:
+    - set_fact: csvfile="{{ lookup('file', item) }}"
+      with_fileglob:
+         - "host_vars/*csv"
+    - set_fact: hosts_list="{{ lookup('file', './host_vars/apmsso_hosts') }}"  
+    - name: Parse CSV To hosts
+      template:
+        src: "roles/apmsso_role/template/hosts.j2"
+        dest: "./host_vars/apmsso_hosts"
+      run_once: true
+      delegate_to: localhost
+      when: csvfile is defined
+    - meta: refresh_inventory
+##############################################################################
+
+######## Decrypting openssl encrypted password and sudo password ############
+- name: Decrypt, if password is increpted
+  hosts: all
+  gather_facts: False
+  tasks:
+    - name: check decrypt.sh is present or not
+      stat:
+        path: "roles/apmsso_role/files/decrypt.sh"
+      run_once: true
+      delegate_to: localhost
+      register: decrypt_file_status
+    - command: sh roles/apmsso_role/files/decrypt.sh {{ item|default('') }}
+      no_log: true
+      register: decrypted_password
+      delegate_to: localhost
+      with_items:
+          - "{{ ansible_password }}"
+          - "{{ ansible_sudo_pass }}"
+      when: decrypt_file_status.stat.exists == true
+    - set_fact:
+        ansible_password: '{{ decrypted_password.results[0].stdout }}'
+      when: decrypt_file_status.stat.exists == true and decrypted_password.results[0].stdout != ''
+    - set_fact:
+        ansible_sudo_pass: '{{ decrypted_password.results[1].stdout }}'
+      when: decrypt_file_status.stat.exists == true and decrypted_password.results[1].stdout != ''
+######################################################################################
+
+########### Including apmia role ##################################################
+    - block:
+        - set_fact:
+             apmsso_install: "{{ apmsso_install }}"
+          when: apmsso_install is defined
+        - set_fact:
+             server_Path: "{{ server_Path }}"
+          when: server_Path is defined
+        - set_fact:
+             apmia_host: "{{ apmia_host }}"
+          when: apmia_host is defined
+        - set_fact:
+             epagent_httpServerPort: "{{ epagent_httpServerPort }}"
+          when: epagent_httpServerPort is defined
+        - set_fact:
+             epagent_networkDataPort: "{{ epagent_networkDataPort }}"
+          when: epagent_networkDataPort is defined
+        - set_fact:
+             caapmsso_log_path: "{{ caapmsso_log_path }}"
+          when: caapmsso_log_path is defined
+    - include_role:
+        name: apmsso_rollback
+      when: apmsso_rollback is defined and apmsso_rollback|lower is search( '^yes$|^y$|^true$' )
+    - include_role:
+        name: apmsso_role
+      when: apmsso_rollback is not defined or apmsso_rollback|lower is not search( '^yes$|^y$|^true$' )
+    - debug:
+        msg: "Please pass correct argument or left it blank. ( ansible-playbook apmsso.yml -e apmsso_rollback=true)"
+      when: apmsso_rollback is defined and apmsso_rollback|lower is not search( '^yes$|^y$|^true$' )
+#######################################################################################
diff --git a/APMSSO_Ansible/host_vars/apmsso_hosts b/APMSSO_Ansible/host_vars/apmsso_hosts
@@ -0,0 +1,2 @@
+redma11-E16753.ca.com ansible_user=root ansible_password=aW50ZXJPUEAxMjMK ansible_sudo_pass= apmsso_install=/etc/ansible_test4 apmia_host=10.80.53.64 server_Path=/usr/local/apache2 epagent_networkDataPort=8000 epagent_httpServerPort=8090 caapmsso_log_path=/root/CA_APM_SSO_13.2.0/log/
+10.162.10.235 ansible_user=root ansible_password=aW50ZXJPUEAxMjMK ansible_sudo_pass= apmsso_install=/etc/ansible_test4 apmia_host=10.80.53.64 server_Path= epagent_networkDataPort=8000 epagent_httpServerPort=8090 caapmsso_log_path=/root/CA_APM_SSO_13.2.0/log/
diff --git a/APMSSO_Ansible/host_vars/hostfile.csv.sample b/APMSSO_Ansible/host_vars/hostfile.csv.sample
@@ -0,0 +1,22 @@
+#########################################################################
+#Through updated CSV file, ansible script will generate usable entry for ansible itself in 'host_vars/apmia_hosts' file. So be ensure to not delete 'host_vars/apmsso_hosts' file.
+#######################################################################
+#Sample csv file entry
+###########################################################################################################################################
+#hosts,ansible_user,ansible_password,ansible_sudo_pass
+#
+#
+#host -------------------------------------> Hostname or machine name
+#ansible_user -----------------------------> It could be root or sudouser
+#ansible_password ------------------------->	Password of machine
+#ansible_sudo_pass ------------------------>	This parameter is applicable only for Linux.If user want to login with sudo user then user need to provide the sudo password as well .
+#
+##########################################################################################################################################
+#######################################################################
+#Sample csv file entry for Linux
+#######################################################################
+#hostname,root,password,sudo_password
+#hostname,root,password
+#hostname,root,password,,apmsso_install,apmia_host,epagent_networkDataPort,epagent_httpServerPort,caapmsso_log_path
+#hostname,root,password,,,apmia_host,epagent_networkDataPort,epagent_httpServerPort,caapmsso_log_path
+#######################################################################
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		redma11-E16753.ca.com ansible_user=root ansible_password=aW50ZXJPUEAxMjMK ansible_sudo_pass= apmsso_install=/etc/ansible_test4 apmia_host=10.80.53.64 server_Path=/usr/local/apache2 epagent_networkDataPort=8000 epagent_httpServerPort=8090 caapmsso_log_path=/root/CA_APM_SSO_13.2.0/log/
		10.162.10.235 ansible_user=root ansible_password=aW50ZXJPUEAxMjMK ansible_sudo_pass= apmsso_install=/etc/ansible_test4 apmia_host=10.80.53.64 server_Path= epagent_networkDataPort=8000 epagent_httpServerPort=8090 caapmsso_log_path=/root/CA_APM_SSO_13.2.0/log/